RE: 5 - 5.01——网络犯罪公约草案声明

很小的变化[]——一个引人注目的“新一代”,因为更古老的安全专家需要教育,另一个添加‘授权’这个词在未来为强调最后一段。> - - - - - - - - - - - >从原始信息:戴夫·曼(mailto: dmann@BINDVIEW.COM]>发送:星期三,2000年5月10日一41点>:cve-editorial-board-list@lists.mitre.org >主题:5——网络犯罪公约草案声明> > >下面是第五版和最后一个,我今天可以处理。> >这个版本是由马特主教。大多只是>作家缩短和澄清几点。> >国际海事组织,我认为站进一步缩短,但我今天没有>时间投入。> >可能其他人也继续将版本号>编辑,这样我们可以跟踪更改?> >谢谢!Dave > > > - - > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >戴夫·曼| |电子邮件:dmann@bos.bindview.com >高级安全分析师| |电话:508-485-7737 x254 > BindView公司| |传真:508-485-0737 > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = > > > >亲爱的<公约起草者> > >我们是一群的安全专家参与共同>漏洞和风险敞口倡议。这个项目是一个>之间的合作范围广泛的计算机安全负责>专家和公司开发一套共同的行业>的名称不同的漏洞在计算机>系统。因此,我们代表的截面技术>社区工作计算机安全漏洞。> >专家、教育工作者和从业人员的信息安全,我们希望注册我们的担忧欧洲委员会草案>条约犯罪在网络空间。 Portions of the proposed treaty > may result in criminializing practices and tools commonly used in > making computer systems resistant to attack. If signatory states > pass legislation to implement the treaty, they will endanger the > security of their computer systems because professionals > will not be able to protect those systems adequately. They will > also hinder the education of [OMIT the next generation of \OMIT]information > protection specialists. > > Critical to the protection of computer systems and infrastructure > is the ability to test software for new vulnerabilitities, determine > the presence of known vulnerabilities in existing systems, and > exchange information about such vulnerabilities. Professionals > and companies routinely develop, use, and share tools designed to > exploit vulnerabilities. Commercial tools for system administrators > and security experts include these exploit tools. Academic > institutions > use these tools and techniques to educate students and in research to > develop new and better defenses. > > Our experience convinces us that impossible to reliably distinguish > between tools used in computer crime and instances of tools used > for the legitimate purposes described above. > > Article 6 of the treat is vague with respect to issues of use, > distribution, or possession of software that could be used to > violate the security of computer systems. Enabling legislation > that criminalized tools or their uses would affect practitioners, > researchers, and teachers, and would slow the important progress > of computer security research. > > We agree that breaking into computer systems is wrong. But, we do > not want the treaty, and the resulting legislation, to impede > the development and application of good security measures. We are > strongly in favor of criminalizing inappropriate behavior, but we > urge the Council to avoid criminalizing the development, [authorized] use, and > distribution of tools that are important to professionals -- in > commerce, academia, and government -- who are working to prevent > misuse. > > We ask that the treaty drafters specifically recognize the legitimate > and important role that the creation and public dissemination of > demonstration code plays in advancing the information security > field. Moreover, we urge that appropriate laws criminalizing the > misuse of such tools replace the ownership or creation clauses of > the treaty. > > Signed, > >   > > > "Organizational affiliations are listed for > identification purposes only, and do not necessarily reflect the > official opinion of the affiliated organization." >